Security Alerts and Updates

Latest Security Updates for Apple Software
Latest Security Tests from AV-Comparatives

July 2021 (Click listings for more information).
24  Win10 July security updates break printing on some systems.
23  Fake Windows 11 installers used to infect you with malware.
23  MacOS malware steals Telegram accounts, Google Chrome data.
23  The Week in Ransomware – Kaseya decrypted.
23  Bug that breaks iPhone WiFi when joining rogue hotspots fixed.
23  Major news sites serve porn after domain takeover.
22  Microsoft Edge 92 brings a new Password Health dashboard.
22  Kaseya obtains decryptor for REvil ransomware victims.
22  Ransomware breached CNA’s network via fake browser update.
22  Parts of internet inaccessible due to Akamai Edge DNS outage.
21  NPM package steals Chrome passwords on Windows.
21  Chrome now comes with up to 50x faster phishing detection.
21  XLoader malware steals logins from macOS & Windows systems.
21  Workaround shared for Windows 10 SeriousSAM vulnerability.
20  Windows 10 more vulnerable? – by Susan Bradley.
20  Chrome gets better privacy & security without draining the battery.
20  DuckDuckGo’s new email service forwards tracker-free messages.
20  Windows 10 vulnerability allows anyone to get admin privileges.
20  Linux kernel bug lets you get root on most modern distros.
20  Chrome 92 deprecates payment handler configuration, more.
20  MosaicLoader malware delivers Facebook stealers, RATs.
20  16-year-old bug in printer software gives hackers admin rights.
19  iPhone WiFi bug morphs into zero-click hacking, but there’s a fix.
19  Safari 14.1.2 released for macOS Catalina & macOS Mojave.
19  iOS 14.7 released: Everything new in iOS 14.7.
19  Microsoft takes down domains used to scam Office 365 users.
19  iPhones running latest iOS hacked to deploy NSO Group spyware.
18  This Week in Security – by Zack Whittaker.
18  Windows print spooler 0-day exploitable via remote print servers.
17  Weekend task: what’s your password? – by Susan Bradley.
16  The Week in Ransomware – REvil disappears.
16  D-Link issues fix for hard-coded password router vulnerabilities.
16  Microsoft Defender for Identity detects PrintNightmare attacks.
16  Google patches 8th Chrome zero-day exploited this year.
15  Microsoft shares guidance on Windows Print Spooler vulnerability.
15  Windows print nightmare continues with malicious driver packages.
15  Windows 10 printing issues fixed by Patch Tuesday update.
14  Chrome will add HTTPS-First Mode to keep your data safe.
14  Russian hackers targeted LinkedIn users with Safari zero-day.
14  Updated Joker malware floods into Android apps.
13  Windows 7 and 8.1 updates are live, here’s the changelog.
13  Adobe updates fix 28 vulnerabilities in 6 programs.
13  Microsoft fixes Windows Hello authentication bypass flaw.
13  Microsoft Patch Tuesday fixes 9 zero-days, 117 flaws.
13  Win10 KB5004237 & KB5004245 cumulative updates released.
13  Firefox 90 adds enhanced tracker blocking to private browsing.
12  Microsoft fixes Outlook crash issues when using Search bar.
12  SolarWinds patches critical Serv-U vulnerability.
11  This Week in Security – by Zack Whittaker.
11  Kaseya patches VSA vulnerabilities used in REvil attack.
10  Weekend task: selective patches – by Susan Bradley.
10  Mint Mobile hit by a data breach after numbers ported.
09  The Week in Ransomware – A flawed attack.
09  Microsoft Office users warned on malware-protection bypass.
09  CNA Insurance reports data breach after ransomware attack.
09  Microsoft: PrintNightmare security updates work.
09  Emergency fix for Windows 10 KB5004945 printing issues.
08  Linux Mint 20.2 arrives, upgrade path made available too.
08  Security update KB5004945 breaks printing on Zebra printers.
08  Morgan Stanley reports data breach after vendor Accellion hack.
07  PrintNightmare now patched on all Windows versions.
07  How to mitigate Print Spooler vulnerability on Windows 10.
07  Microsoft’s PrintNightmare patch fails to fix vulnerability.
07  Thousands scammed using fake Android cryptomining apps.
06  Microsoft pushes update for Windows PrintNightmare 0-day.
06  Android apps in Google Play harvest Facebook credentials.
06  Microsoft Office updates fix Outlook crashes, performance issues.
06  Microsoft 365 to let SecOps lock hacked Active Directory accounts.
06  Audacity’s privacy policy update effectively turns it into spyware.
05  QNAP fixes critical bug in NAS backup, disaster recovery app.
04  This Week in Security – by Zack Whittaker.
04  Microsoft provides further mitigations for PrintNightmare exploit.
04  Windows Update bug blocks Azure Virtual Desktops security updates.
03  Weekend task: Taming Word – by Susan Bradley.
03  The Week in Ransomware – MSPs under attack.
02  Actively exploited PrintNightmare zero-day gets unofficial patch.
02  How to bypass the Windows 11 TPM 2.0 requirement.
02  Another 0-day looms for many Western Digital users.
02  Microsoft warns of PowerShell 7 code execution vulnerability.
02  Microsoft shares mitigations for Windows PrintNightmare 0-day.
01  Does your router auto-update? – by Susan Bradley.
01  Microsoft releases PowerToys 0.41.4 fixing Awake high CPU usage.
01  Chrome will get an HTTPS-Only Mode for secure browsing.

June 2021 (Click listings for more information).
30  Print Nightmare is going to be a nightmare – by Susan Bradley.
30  Microsoft finds Netgear router bugs enabling corporate breaches.
30  Windows PrintNightmare 0-day exploit allows domain takeover.
29  Hackers use zero-day to mass-wipe My Book Live devices.
29  Windows 10 KB5004760 update fixes problems with PDF.
29  PowerToys updated with feature to prevent your PC from sleeping.
29  Microsoft translation bugs open Edge browser to UXSS attacks.
28  Data for LinkedIn users posted for sale in cyber-underground.
28  Surface Pro 7 firmware update brings critical security fixes.
28  NVIDIA patches high-severity GeForce spoof-attack bug.
27  This Week in Security – by Zack Whittaker.
27  Everything we know so far about Windows 11.
27  AV Real-World Protection Test February-May 2021.
26  Weekend task: dealing with the Store – by Susan Bradley.
26  Nobelium hackers accessed Microsoft customer support tools.
26  Microsoft admits to signing rootkit malware in supply-chain fiasco.
25  WUshowhide is back! – by Susan Bradley.
25  The Week in Ransomware – Back in Business.
25  PS3 players baned: latest victims of attacks on gaming industry.
25  Windows privilege escalation bug exposed following botched fix.
25  Mercedes-Benz breach exposes SSNs, credit card numbers.
24  Spam downpour drips new IcedID banking trojan variant.
24  WD My Book NAS devices are being remotely wiped clean.
24  Microsoft announces Windows 11: What you need to know.
24  Google Drive update will break some of your shared links.
24  30M Dell devices at risk for remote BIOS attacks, RCE.
24  Dell SupportAssist bugs put over 30 million PCs at risk.
24  Get those June updates installed – by Susan Bradley.
23  Microsoft Store is crashing worldwide on Windows 10 PCs.
23  Microsoft fixes high-pitched noise bug in Windows 10.
23  Linux marketplace bugs allow wormable attacks, drive-by RCE.
22  Chromebooks gain new security updates for remote learning.
22  Microsoft is auto-updating more devices to Windows 10 21H1.
22  BEC Losses Top $1.8B as Tactics Evolve.
22  Email bug allows message snooping, credential theft.
22  NVIDIA WHQL Drivers now supports Windows 10 21H1.
22  Kids’ apps on Google Play rife with privacy violations.
22  Lexmark printers open to arbitrary code execution zero-day.
22  AMD 21.6.1 driver drops support for Windows 7/8/8.1, more.
21  Optional cumulative updates to Windows 10 released.
21  Tor Browser 10.0.18 released to fix numerous bugs.
21  Chrome on iOS is getting an enhanced privacy feature.
21  Agent Tesla RAT Returns in COVID-19 Vax Phish.
20  This Week in Security – by Zack Whittaker.
20  Fertility clinic discloses data breach exposing patient info.
19  Weekend task: how hot is your computer? – by Susan Bradley.
19  iPhone bug breaks WiFi when you join hotspot with unusual name.
19  Tinder spam hides “handwritten” links in profile images.
18  The Week in Ransomware – Law enforcement strikes back.
18  Wegmans Food Markets notifies customers of a data breach.
18  Win10 KB5003690 fixes issues affecting gamers since March.
18  Microsoft Linux repos suffer day-long outage, still recovering.
17  Why you don’t want to reboot in the middle of an update.
17  Windows 7 drivers no longer offered via Windows Update.
17  Google fixes 7th Chrome zero-day exploited in the wild.
17  Audi, Volkswagen customer data being sold by hackers.
17  Vishing attack bypasses email security to hit 25K mailboxes.
17  CVS health records for 1.1 billion customers exposed.
17  Carnival Cruise hit by a data breach, warns of data misuse.
17  Threat actors use Google Docs to host phishing attacks.
16  June’s Patch recap so far – by Susan Bradley.
16  KB5003698 update fixes VPN bug, blurry text issues.
16  Peloton Bike+ vulnerability allowed complete takeover.
15  Google’s Messages app is rolling out end-to-end encryption.
15  Millions of connected cameras open to eavesdropping.
15  Microsoft Defender ATP warns of jailbroken iPhones, iPads.
15  Malicious PDFs flood the web, lead to password-snarfing.
15  Microsoft disrupts large-scale, cloud-based BEC campaign.
15  Apple fixes 9th zero-day bug exploited in the wild this year.
15  KB5001391 update causes News & Interests display issues.
14  Scammers bypass Office 365 MFA in BEC attacks.
14  SEO poisoning used to backdoor targets with malware.
13  This Week in Security – by Zack Whittaker.
13  Windows 10 has an optional update problem, & it’s annoying.
13  Interpol shuts down thousands of fake online pharmacies.
12  Weekend task: Let’s look at Autoruns – by Susan Bradley.
12  Audi, Volkswagen data breach affects 3.3 million customers.
12  Intuit notifies customers of hacked TurboTax accounts.
12  Windows 10 KB4023057 issued again to fix update issues.
11  Baby clothes giant Carter’s leaks 410K customer records.
11  The Week in Ransomware – Under Pressure.
11  Emergency update for Windows 10 Xbox Game Pass bug.
11  Hackers steal McDonald’s customer and employee info.
11  Linux system service bug lets you get root on most distros.
11  Microsoft fixes issue blocking Microsoft Teams, Outlook logins.
11  EdgeDeflector v1.2.2.0 release cleans up unused code.
10  Chrome Browser Bug Under Active Attack.
10  Steam Gaming Platform Hosting Malware.
10  Hacked bugs in Samsung pre-installed apps could spy on users.
10  Microsoft shares fix for Xbox Game Pass installation errors.
10  KB5003637 update may block remote access to event logs.
09  Google fixes sixth Chrome zero-day exploited this year.
09  Windows 10 News and Interests now enabled for everyone.
09  Mysterious malware collects billions of stolen data points.
08  Intel fixes 73 vulnerabilities in June 2021 Platform Update.
08  Google Patches Critical Android RCE Bug.
08  Windows 7 and 8.1 Patch Tuesday updates are now out.
08  Windows 10 targeted by hackers using Chrome zero-days.
08  Microsoft Patch Tuesday fixes 6 exploited zero-days, 50 flaws.
08  Win10 KB5003637 & KB5003635 cumulative updates released.
08  Adobe issues security updates for 41 vulnerabilities.
08  Microsoft Office vulnerability could lead to code execution.
07  Apple announces new privacy features for Mail and Safari.
07  Bad Apple: App Store Rife with Fraud, Fleeceware.
07  US recovers most of Colonial Pipeline’s ransomware payment.
06  This Week in Security – by Zack Whittaker.
06  Signal app safety numbers do not always change: here’s why.
06  Google, Microsoft, & Mozilla work on better browser extensions.
06  Amazon to share your Internet with neighbors: How to opt-out.
05  Weekend task: what’s in your startup? – by Susan B.
05  Windows 10 2004 starts auto-updating to Windows 10 21H1.
05  These online casino emails never pay what they promise.
04  The Week in Ransomware – Where’s the beef?
03  ‘Battle for the Galaxy’ mobile game leaks 6M gamer profiles.
03  Google PPC Ads Used to Deliver Infostealers.
03  Chrome now warns you of extensions from untrusted devs.
03  Google makes it harder for Android apps to track users.
02  Firefox now auto-updates on Windows even when not running.
02  Amazon Sidewalk Poised to Sweep You Into Its Mesh.
01  Microsoft adds Automatic HTTPS in Edge for secure browsing.
01  June Office non-Security Updates have been released.
01  Microsoft fixes Edge 91 nag screens and startup page bug.
01  Firefox now blocks cross-site tracking in private browsing.

May 2021 (Click listings for more information).
31  Win10 KB5003214 update causes taskbar display glitches.
31  How to disable Edge’s annoying Bing recommendation alerts.
30  This Week in Security – by Zack Whittaker.
30  These unsubscribe emails only lead to further spam.
29  Weekend task: What’s in your task scheduler? – by Susan B.
29  Walmart phishing attack says your package was not delivered.
29  Edge 91 brings new bugs and annoying popup messages.
29  Update Firefox to avoid Netflix, Hulu streaming issues.
29  Using Fake Reviews to Find Dangerous Extensions.
28  Hackers Exploit Post-COVID Return to Offices.
28  FBI to share compromised passwords with Have I Been Pwned.
27  Targeted AnyDesk ads on Google served up a weaponized app.
27  Microsoft Edge 91 out with improved performance, and more.
27  Klarna mobile app bug lets users log into other accounts.
27  Microsoft rolls out an upgrade to Outlook for Windows.
26  Office 365: Exchange Online, Outlook emails sent to junk folder.
26  PDF Feature ‘Certified’ Widely Vulnerable to Attack.
26  BazaLoader masquerades as a movie-streaming service.
26  Microsoft fixes Windows 10 ‘News and Interests’ annoyances.
26  New technique alters memory contents of newer DRAM chips.
25  Got a Windows 7 Ultimate key lying around?
25  Chrome 91 released with new features & better security.
25  Microsoft fixes Win10 bug corrupting FLAC music files.
25  Microsoft releases Windows 10 build 19043.1023.
25  Massive Flight Simulator patch brings a ton of fixes.
25  Trend Micro Bugs Threaten Home Network Security.
25  Pulse Secure VPNs Get Quick Fix for Critical RCE.
25  Apple releases security updates for multiple products.
24  Apple fixes 3 0-days, 1 abused by XCSSET macOS malware.
24  Restaurant reservation system patches XSS bug.
24  Bluetooth flaws allow attackers to impersonate devices.
23  This Week in Security – by Zack Whittaker.
23  Chrome fix released for crashes on Windows 10, Linux.
22  Weekend task: Status of 21H1 – by Susan Bradley.
22  How to disable Window 10’s News & Interests taskbar newsfeed.
22  Wormable Windows HTTP Vul. also affects WinRM servers.
21  How to Tell a Job Offer from an ID Theft Trap.
21  The Week in Ransomware – Healthcare under attack.
21  Chrome crashes on Windows 10, possible workarounds.
21  QNAP: Qlocker ransomware used HBS backdoor account.
20  Win10 1909 KB5003212 cumulative update preview released.
20  Comcast now blocks BGP hijacking attacks and route leaks.
20  Massive malware campaign delivers fake ransomware.
20  Windows 10 20H2 is now available to everyone.
20  Android users’ data exposed via misconfigured cloud services.
19  Apple’s Craig Federighi: Macs are too susceptible to malware.
19  Google removes fake Microsoft Authenticator Chrome ext.
19  Windows 10 update blocks Microsoft Teams, Outlook logins.
19  Microsoft to retire IE on some Windows 10 versions.
19  Workaround for OneDrive 0x8004de40 login issues.
19  Recycle your phone, sure, but maybe not your number.
18  Hackers pose as meal-kit services to steal customer data.
18  Chrome now fixes breached passwords on Android.
18  Mozilla is rolling out Site Isolation to all Firefox channels.
18  How to download the Windows 10 21H1 ISO from Microsoft.
18  Windows 10 21H1 is released, these are the new features.
17  Spear-phishing poses as Truist Bank to deliver malware.
17  Warning: scammers targeting families of missing persons.
17  Exploit released for wormable Windows HTTP vulnerability.
16  Microsoft Edge fixes crashes while using YouTube.
16  This Week in Security – by Zack Whittaker.
16  Herff Jones credit card breach impacts US college students.
15  Weekend task: Squirrel away time – by Susan Bradley.
15  Best Win10 commands to diagnose your Internet connection.
15  Apple rejected over 215,000 apps in 2020 for privacy violations.
14  The Week in Ransomware – One down, many more to go.
14  FIN7 Backdoor Masquerades as Ethical Hacking Tool.
14  Microsoft investigating Windows 10 high-pitched noise issue.
14  Microsoft releases firmware update for the Surface Studio 2.
14  Cross-browser tracking vulnerability tracks you via apps.
14  DarkSide ransomware gang quits after servers, bitcoin seized.
13  Win10 KB5003173 update fails with error 0x800f0922, how to fix.
13  Colonial Pipeline restores operations, $5M ransom demanded.
13  Insurance giant CNA fully restores systems after attack.
13  Fresh Loader Targets Aviation Victims with Spy RATs.
13  Apple’s ‘Find My’ Network Exploited via Bluetooth.
13  A fake MSI Afterburner download page is spreading malware.
12  Microsoft fixes WSUS bug blocking Windows security updates.
12  Wi-Fi devices impacted by new FragAttacks vulnerabilities.
12  TeaBot trojan targets banks via hijacked Android handsets.
12  PowerToys version 0.37.2 fixes explorer.exe freezing, & more.
11  Microsoft Outlook bug prevents viewing or creating emails.
11  Windows 7 and 8.1 Patch Tuesday updates are out.
11  Win10 cumulative updates KB5003169 & KB5003173 released.
11  Fake Chrome app anchors rapidly worming cyberattack.
11  Microsoft May Patch Tuesday fixes 55 flaws, 3 zero-days.
11  Three Windows 10 versions reach the end of support today.
11  Adobe fixes Reader zero-day vulnerability exploited in the wild.
11  VLC Media Player 3.0.14 fixes broken Windows automatic updater.
10  Office 365 is blocking emails from Google, LinkedIn domains.
10  State of emergency declared after ransomware hits largest pipeline.
09  Chrome’s new privacy feature restricts online user tracking.
09  How to exclude files & folders from Windows Defender scans.
08  Weekend task: Should I remove KB4023057? – Susan Bradley.
08  Microsoft pulls Win10 AMD driver causing PCs not to boot.
08  U.S. pipeline shuts down operations after ransomware attack.
08  Microsoft removes last remaining Windows 10 upgrade blocks.
07  The Week in Ransomware – Attacking healthcare.
07  Foxit Reader bug lets attackers run malicious code via PDFs.
07  Microsoft releases firmware updates for Surface devices.
07  Edge crashes when watching full-screen YouTube videos.
07  Twitter Tip Jar may expose PayPal address, privacy leak.
06  Dell is fixing vulnerabilities in a firmware update driver.
06  Qualcomm vulnerability impacts many mobile phones.
05  Firefox 88.0.1, Firefox for Android 88.1.3, security updates.
05  Malicious Office 365 apps are the ultimate insiders.
05  Peloton’s leaky API spilled riders’ private data.
05  Windows Defender bug fills up Windows 10 boot drive.
04  Network Solutions & hit by DNS outage.
04  Office non-Security Updates have been published.
04  Chrome adopts Windows 10 exploit protection feature.
04  Reddit is currently facing an outage.
04  Vulnerable Dell driver puts millions of systems at risk.
04  Apple Releases Security Updates.
04  Samsung ends security updates for the Galaxy S8 & S8+.
03  Apple fixes 2 iOS zero-day vulnerabilities used in attacks.
03  Scripps Health cyberattack causes hospital outages.
03  New Attacks Slaughter All Spectre Defenses.
03  New malware downloader rewritten in E-Z Rust language.
02  This Week in Security – by Zack Whittaker.
02  How to stop Win10 Defender from uploading files to Microsoft.
01  Optional weekend task: How to remove IE – by Susan Bradley.